fluxerapp/fluxer
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2f557eda8c04c996afeb9cba60530bbf8bf5fcbb
fluxer/fluxer_api/src/auth/services/AuthEmailService.ts
Hampus Kraft 2f557eda8c initial commit
2026-01-01 21:05:54 +00:00

138 lines
4.9 KiB
TypeScript
Raw Blame History

/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {VerifyEmailRequest} from '~/auth/AuthModel';
import {createEmailVerificationToken} from '~/BrandedTypes';
import {SuspiciousActivityFlags, UserFlags} from '~/Constants';
import {RateLimitError} from '~/Errors';
import type {IEmailService} from '~/infrastructure/IEmailService';
import type {IGatewayService} from '~/infrastructure/IGatewayService';
import type {IRateLimitService} from '~/infrastructure/IRateLimitService';
import {Logger} from '~/Logger';
import {getUserSearchService} from '~/Meilisearch';
import type {User} from '~/Models';
import type {IUserRepository} from '~/user/IUserRepository';
import {mapUserToPrivateResponse} from '~/user/UserModel';
const EMAIL_CLEARABLE_SUSPICIOUS_ACTIVITY_FLAGS =
SuspiciousActivityFlags.REQUIRE_VERIFIED_EMAIL |
SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL |
SuspiciousActivityFlags.REQUIRE_VERIFIED_EMAIL_OR_VERIFIED_PHONE |
SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL_OR_VERIFIED_PHONE |
SuspiciousActivityFlags.REQUIRE_VERIFIED_EMAIL_OR_REVERIFIED_PHONE |
SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL_OR_REVERIFIED_PHONE;
export class AuthEmailService {
constructor(
private repository: IUserRepository,
private emailService: IEmailService,
private gatewayService: IGatewayService,
private rateLimitService: IRateLimitService,
private assertNonBotUser: (user: User) => void,
private generateSecureToken: () => Promise<string>,
) {}
async verifyEmail(data: VerifyEmailRequest): Promise<boolean> {
const tokenData = await this.repository.getEmailVerificationToken(data.token);
if (!tokenData) {
return false;
}
const user = await this.repository.findUnique(tokenData.userId);
if (!user) {
return false;
}
this.assertNonBotUser(user);
if (user.flags & UserFlags.DELETED) {
return false;
}
const updates: {email_verified: boolean; suspicious_activity_flags?: number} = {
email_verified: true,
};
if (user.suspiciousActivityFlags !== null && user.suspiciousActivityFlags !== 0) {
const newFlags = user.suspiciousActivityFlags & ~EMAIL_CLEARABLE_SUSPICIOUS_ACTIVITY_FLAGS;
if (newFlags !== user.suspiciousActivityFlags) {
updates.suspicious_activity_flags = newFlags;
}
}
const updatedUser = await this.repository.patchUpsert(user.id, updates);
await this.repository.deleteEmailVerificationToken(data.token);
const userSearchService = getUserSearchService();
if (userSearchService && updatedUser) {
await userSearchService.updateUser(updatedUser).catch((error) => {
Logger.error({userId: user.id, error}, 'Failed to update user in search');
});
}
await this.gatewayService.dispatchPresence({
userId: user.id,
event: 'USER_UPDATE',
data: mapUserToPrivateResponse(updatedUser!),
});
return true;
}
async resendVerificationEmail(user: User): Promise<void> {
this.assertNonBotUser(user);
const allowReverification =
user.suspiciousActivityFlags !== null &&
((user.suspiciousActivityFlags & SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL) !== 0 ||
(user.suspiciousActivityFlags & SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL_OR_VERIFIED_PHONE) !== 0 ||
(user.suspiciousActivityFlags & SuspiciousActivityFlags.REQUIRE_VERIFIED_EMAIL_OR_REVERIFIED_PHONE) !== 0 ||
(user.suspiciousActivityFlags & SuspiciousActivityFlags.REQUIRE_REVERIFIED_EMAIL_OR_REVERIFIED_PHONE) !== 0);
if (user.emailVerified && !allowReverification) {
return;
}
const rateLimit = await this.rateLimitService.checkLimit({
identifier: `email_verification:${user.email!}`,
maxAttempts: 3,
windowMs: 15 * 60 * 1000,
});
if (!rateLimit.allowed) {
const resetTime = new Date(Date.now() + (rateLimit.retryAfter || 0) * 1000);
throw new RateLimitError({
message: 'Too many verification email requests. Please try again later.',
retryAfter: rateLimit.retryAfter || 0,
limit: 3,
resetTime,
});
}
const emailVerifyToken = createEmailVerificationToken(await this.generateSecureToken());
await this.repository.createEmailVerificationToken({
token_: emailVerifyToken,
user_id: user.id,
email: user.email!,
});
await this.emailService.sendEmailVerification(user.email!, user.username, emailVerifyToken, user.locale);
}
}
Reference in New Issue View Git Blame Copy Permalink